PR #79955: Update the curl dependency: 8.6.0 -> 8.11.0.

Imported from GitHub PR tensorflow/tensorflow#79955 Due to multiple security vulnerabilities CVE-2024-2004, CVE-2024-2379, CVE-2024-2398, CVE-2024-2466, CVE-2024-6197, CVE-2024-7264, CVE-2024-8096 and CVE-2024-9681 Copybara import of the project: -- f05738b11ff2a6654ef5460d9dac8c6795c04ac6 by Gerwout van der Veen <gerwoutvdveen@gmail.com>: Update the curl dependency: 8.6.0 -> 8.11.0. Due to multiple security vulnerabilities CVE-2024-2004, CVE-2024-2379, CVE-2024-2398, CVE-2024-2466, CVE-2024-6197, CVE-2024-7264, CVE-2024-8096 and CVE-2024-9681 -- b5ce0879ff980d61089c74257f450419d8d167cf by Gerwout van der Veen <gerwoutvdveen@gmail.com>: buildifier formatting Merging this change closes #79955 PiperOrigin-RevId: 696661168
openxla · Nov 14, 2024 · bf5761c · bf5761c
1 parent ecdba3f
commit bf5761c
Show file tree

Hide file tree

Showing 3 changed files with 23 additions and 14 deletions.
diff --git a/third_party/tsl/third_party/curl.BUILD b/third_party/tsl/third_party/curl.BUILD
@@ -97,10 +97,6 @@ cc_library(
         "lib/curl_multibyte.h",
         "lib/curl_ntlm_core.c",
         "lib/curl_ntlm_core.h",
-        "lib/curl_ntlm_wb.c",
-        "lib/curl_ntlm_wb.h",
-        "lib/curl_path.c",
-        "lib/curl_path.h",
         "lib/curl_printf.h",
         "lib/curl_range.c",
         "lib/curl_range.h",
@@ -111,15 +107,20 @@ cc_library(
         "lib/curl_setup.h",
         "lib/curl_setup_once.h",
         "lib/curl_sha256.h",
+        "lib/curl_sha512_256.c",
+        "lib/curl_sha512_256.h",
         "lib/curl_sspi.c",
         "lib/curl_sspi.h",
         "lib/curl_threads.c",
         "lib/curl_threads.h",
         "lib/curl_trc.c",
         "lib/curl_trc.h",
         "lib/curlx.h",
+        "lib/cw-out.c",
+        "lib/cw-out.h",
         "lib/dict.c",
         "lib/dict.h",
+        "lib/dllmain.c",
         "lib/doh.c",
         "lib/doh.h",
         "lib/dynbuf.c",
@@ -231,6 +232,8 @@ cc_library(
         "lib/rand.h",
         "lib/rename.c",
         "lib/rename.h",
+        "lib/request.c",
+        "lib/request.h",
         "lib/rtsp.c",
         "lib/rtsp.h",
         "lib/select.c",
@@ -317,12 +320,16 @@ cc_library(
         "lib/vquic/vquic.c",
         "lib/vquic/vquic.h",
         "lib/vquic/vquic_int.h",
+        "lib/vssh/curl_path.c",
+        "lib/vssh/curl_path.h",
         "lib/vssh/libssh.c",
         "lib/vssh/libssh2.c",
         "lib/vssh/ssh.h",
         "lib/vssh/wolfssh.c",
         "lib/vtls/bearssl.c",
         "lib/vtls/bearssl.h",
+        "lib/vtls/cipher_suite.c",
+        "lib/vtls/cipher_suite.h",
         "lib/vtls/gtls.c",
         "lib/vtls/gtls.h",
         "lib/vtls/hostcheck.c",
@@ -452,6 +459,8 @@ cc_binary(
         "lib/config-win32.h",
         "src/slist_wc.c",
         "src/slist_wc.h",
+        "src/terminal.c",
+        "src/terminal.h",
         "src/tool_binmode.c",
         "src/tool_binmode.h",
         "src/tool_bname.c",
@@ -466,6 +475,8 @@ cc_binary(
         "src/tool_cb_rea.h",
         "src/tool_cb_see.c",
         "src/tool_cb_see.h",
+        "src/tool_cb_soc.c",
+        "src/tool_cb_soc.h",
         "src/tool_cb_wrt.c",
         "src/tool_cb_wrt.h",
         "src/tool_cfgable.c",
@@ -591,7 +602,7 @@ genrule(
         "#  define HAVE_SETMODE 1",
         "#  define HAVE_SYS_FILIO_H 1",
         "#  define HAVE_SYS_SOCKIO_H 1",
-        "#  define OS \"x86_64-apple-darwin15.5.0\"",
+        "#  define CURL_OS \"x86_64-apple-darwin15.5.0\"",
         "#  define USE_SECTRANSP 1",
         "#else",
         "#  define CURL_CA_BUNDLE \"/etc/ssl/certs/ca-certificates.crt\"",
@@ -620,7 +631,7 @@ genrule(
         "#  define HAVE_RAND_STATUS 1",
         "#  define HAVE_SSL_GET_SHUTDOWN 1",
         "#  define HAVE_TERMIOS_H 1",
-        "#  define OS \"x86_64-pc-linux-gnu\"",
+        "#  define CURL_OS \"x86_64-pc-linux-gnu\"",
         "#  define RANDOM_FILE \"/dev/urandom\"",
         "#  define USE_OPENSSL 1",
         "#endif",

diff --git a/third_party/tsl/tsl/platform/cloud/curl_http_request_test.cc b/third_party/tsl/tsl/platform/cloud/curl_http_request_test.cc
@@ -497,11 +497,9 @@ TEST(CurlHttpRequestTest, GetRequest_CouldntResolveHost) {
   const auto& status = http_request.Send();
   EXPECT_EQ(error::FAILED_PRECONDITION, status.code());
   EXPECT_EQ(
-      absl::StrCat(
-          "Error executing an HTTP request: libcurl code 6 meaning ",
-          (kIsOpenSource ? "'Couldn't resolve host name', error details: "
-                         : "'Could not resolve hostname', error details: "),
-          "Could not resolve host ", "'metadata'"),
+      absl::StrCat("Error executing an HTTP request: libcurl code 6 meaning ",
+                   "'Could not resolve hostname', error details: ",
+                   "Could not resolve host ", "'metadata'"),
       status.message());
   EXPECT_EQ(0, http_request.GetResponseCode());
 }

diff --git a/third_party/tsl/workspace2.bzl b/third_party/tsl/workspace2.bzl
@@ -323,10 +323,10 @@ def _tf_repositories():
     tf_http_archive(
         name = "curl",
         build_file = "//third_party:curl.BUILD",
-        sha256 = "9c6db808160015f30f3c656c0dec125feb9dc00753596bf858a272b5dd8dc398",
-        strip_prefix = "curl-8.6.0",
+        sha256 = "264537d90e58d2b09dddc50944baf3c38e7089151c8986715e2aaeaaf2b8118f",
+        strip_prefix = "curl-8.11.0",
         system_build_file = "//third_party/systemlibs:curl.BUILD",
-        urls = tf_mirror_urls("https://curl.se/download/curl-8.6.0.tar.gz"),
+        urls = tf_mirror_urls("https://curl.se/download/curl-8.11.0.tar.gz"),
     )
 
     # WARNING: make sure ncteisen@ and vpai@ are cc-ed on any CL to change the below rule